View Issue Details

IDProjectCategoryView StatusLast Update
0004035Kali LinuxQueued Tool Additionpublic2024-03-26 09:39
Reporterx90skysn3k Assigned Tosbrun  
PrioritynormalSeverityfeatureReproducibilityN/A
Status resolvedResolutionfixed 
Product Version2017.1 
Fixed in Version2024.2 
Summary0004035: BruteSpray - Automatically attempts default creds on found services.
Description

BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.

github - https://github.com/x90skysn3k/brutespray

demo - https://youtu.be/C-CVLbSEe_g

Thought it might be a cool addition, we have had a lot of folks use it on their tests and with good success!

Activities

x90skysn3k

x90skysn3k

2017-05-24 16:10

reporter   ~0006741

updated to v1.5 - https://github.com/x90skysn3k/brutespray

added interactive mode for ease of use.

x90skysn3k

x90skysn3k

2017-06-16 13:05

reporter   ~0006835

added tags for building

x90skysn3k

x90skysn3k

2017-07-17 14:59

reporter   ~0006905

anything i can do to help move this along?

Thanks!

rhertzog

rhertzog

2017-07-17 15:37

administrator   ~0006907

It looks like someone wants to package this in Debian so it will come to Kali that way.

https://lists.alioth.debian.org/pipermail/pkg-security-team/Week-of-Mon-20170619/001559.html

Sophie, feel free to clean up the packaging on the Debian side to finish this.

g0tmi1k

g0tmi1k

2017-07-18 14:27

administrator   ~0006925

ACK.

Name: brutespray
Version: v1.5.1
Homepage: https://github.com/x90skysn3k/brutespray
Download: https://github.com/x90skysn3k/brutespray/archive/brutespray-1.5.1.tar.gz
License: MIT ~ https://github.com/x90skysn3k/brutespray/blob/master/LICENSE.md
Description: Brute-Forcing from Nmap output - Automatically attempts default creds on found services.

BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.

Please add to Kali.

sbrun

sbrun

2017-08-31 13:36

manager   ~0007221

brutespray has just been accepted in Debian unstable. It will migrate in Debian Testing and Kali-rolling automatically.

sbrun

sbrun

2017-09-07 08:27

manager   ~0007252

version 1.5.2-1 is now in kali-rolling

x90skysn3k

x90skysn3k

2024-02-27 21:34

reporter   ~0018943

I have rewritten brutespray in golang and so I assume the packaging is now broken. Anything I can do to push this along and help update the packaging? I see that this is packaged in Debian so I may have to have it updated there to. I no longer depend on medusa for the bruteforcing. The wordlist location is still (/usr/share/wordlist or currentdir + wordlist), and I tried to make sure to not add any regressions.

sbrun

sbrun

2024-03-15 15:15

manager   ~0019034

Thank you for the notification. We didn't notice that there were new releases because the release tarballs have a new name format.

To update the package in Debian, all the Go dependencies must be packaged separately. It can require a lot of work and time (I have not checked yet how many dependencies are not already in Debian).

I will work on the update in Kali only for the moment.

sbrun

sbrun

2024-03-21 14:57

manager   ~0019061

the version 2.2.2-0kali1 is available in kali-rolling.

For the Debian package, I made a bug report:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067431

Issue History

Date Modified Username Field Change
2017-05-22 17:12 x90skysn3k New Issue
2017-05-24 16:10 x90skysn3k Note Added: 0006741
2017-06-16 13:05 x90skysn3k Note Added: 0006835
2017-06-22 14:15 g0tmi1k Assigned To => sbrun
2017-06-22 14:15 g0tmi1k Status new => assigned
2017-07-08 18:15 rhertzog Status assigned => feedback
2017-07-17 14:59 x90skysn3k Note Added: 0006905
2017-07-17 14:59 x90skysn3k Status feedback => assigned
2017-07-17 15:37 rhertzog Note Added: 0006907
2017-07-18 14:27 g0tmi1k Note Added: 0006925
2017-07-18 14:28 g0tmi1k Summary BruteSpray - Requesting to be added to Kali => Add BruteSpray v1.5.1 - utomatically attempts default creds on found services.
2017-07-18 14:28 g0tmi1k Summary Add BruteSpray v1.5.1 - utomatically attempts default creds on found services. => Add BruteSpray v1.5.1 - Automatically attempts default creds on found services.
2017-08-31 13:36 sbrun Note Added: 0007221
2017-09-07 08:27 sbrun Status assigned => resolved
2017-09-07 08:27 sbrun Resolution open => fixed
2017-09-07 08:27 sbrun Note Added: 0007252
2017-09-07 12:53 g0tmi1k Fixed in Version => 2017.2
2021-05-18 11:02 g0tmi1k Category New Tool Requests => Queued Tool Addition
2024-02-27 21:34 x90skysn3k Status resolved => feedback
2024-02-27 21:34 x90skysn3k Resolution fixed => reopened
2024-02-27 21:34 x90skysn3k Note Added: 0018943
2024-03-13 14:24 daniruiz Summary Add BruteSpray v1.5.1 - Automatically attempts default creds on found services. => BruteSpray - Automatically attempts default creds on found services.
2024-03-15 15:15 sbrun Note Added: 0019034
2024-03-21 14:57 sbrun Note Added: 0019061
2024-03-21 14:58 sbrun Status feedback => resolved
2024-03-21 14:58 sbrun Resolution reopened => fixed
2024-03-21 14:58 sbrun Fixed in Version 2017.2 => 2024.2